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Abstract: One of the most commonly used forms of security today is the 
password. In recent years, however, unidentified hackers have deployed 
password gathering programs over uhe Internet/ which have succeeded in tens 
and thousands of passwords being coMected ana many abused. It is now clear 
that the traditional standalone password da4s not provide strong levels of 
authentication in today's netwoxrked/ environment, with or without 

encryption. This is because the same passwords are used over and over again 
and the password passes across the netwoYk as clear text. Although Internet 
"break-ins* have received most of ttfeNpublicity, the problem of illegal 
access is ubiquitous across networks oft all types, especially corporate 
intranets, local area networks and widk area networks. The latest two 
-factor super smart card technology combined with encryption aims to 
authenticate the user, not just a/password. \ ( 0 Refs) 

Subfile: B C 

Descriptors: authorisation; cryptography; Internet; local area networks; 
smart cards; wide area networks 

Identifiers: security; Internet; user authentication; illegal access; 
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encryption 

Class Codes: B6210L (Compute/r communications); C562tfW (Other computer 
networks); C6130S (Data secur/ty) ; C5620L (Local area \jetworks ) 
Copyright 1998, IEE 

Abstract: One of the mo/t commonly used forms of secWity today is the 
password. In recent yea^rs, however, unidentified hackers have deployed 
password. . . 

. . . many abused. It is/ now clear that the traditional standalone password 
does not provide strong levels of authentication in today's networked 
environment, with or without encryption. This is because the same passwords 
are used. . . 

...across networks of all types, especially corporate intranets, local area 
networks and wide area networks. The latest two -factor super smart 
card technology combined with encryption aims to authenticate the user, 
not just a password. 
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Security on the Internet: authenticating the user 
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Document type: journal article Language: English 
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ISSN: 0040-2494 



ABSTRACT : 

One of the most commonly used forms of security today is the password. In 



recent years, however, unide^^f ied hackers Wave deployed pas^fcrd 
gathering programs ovel^the Internet which Have succeeded in tens and 
thousands of passwords being collected and/many abused. It is now clear 
that the traditional standalone password dc/es not provide strong levels of 
authentication in today networked environment, with or without 
encryption. This is becausV\the same pas/swords are used over and over again 
and the password passes across the network as clear text. Although Internet 
'break-ins' have received mc^sV of the dublicity, the problem of illegal 
access is ubiquitous across networks dk all types, especially corporate 
intranets, local area networks \nd wi#le area networks. The latest two 
-factor super smart card tecVnol/ogy combined with encryption aims to 
authenticate the user, not j ust \ Password. 

DESCRIPTORS: CIPHERING — ENCRYPTION ,\ LAN —LOCAL AREA NETWORKS; SMART CARDS; 
LONG DISTANCE NETWORKS l\ 

IDENTIFIERS: AUTORISIERUNG; ANWENDERRERECHTIGUNG; INTRANET VEREINIGUNG; 
Verschluesselung; Lokales Netz 

ABSTRACT: // 
One of the most commonly used forms qf\ security today is the password. In 
recent years, however, unidentified hackers have deployed password. . . 

. . .many abused. It is now cyear that the traditional standalone password 
does not provide strong levels of authentication in today ! s networked 
environment, with or withoyi't encryption. Th£s is because the same passwords 
are used. . 

...across networks of all^tyg^es, especially corporate intranets, local area 
networks and wide area networks. The latest two -factor super smart 
card technology combined with encryption aims to* authenticate the user, 
not just a password. 
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... square gold-coloured computer chip. 

Most people are already familiar with the smaller format smartcards 
used in cellular phones , known as Subscriber Information Module (SIM) 
cards. The most common implementation of the full-size card in the UK is 
that used as a "viewing card 11 for... 

...future, it should even be possible for multiple applications stored on 
the same card to interact with each other . Smartcards also provide us 
with so much more in the way of security than has been hitherto... 

...recently introduced the SecurlD 1100 Smart Card, the first smartcard to 
work with its Ace/Server strong authentication enterprise security 
solutions . 

The new smartcard combines security with convenience, enabling 
organisations to use a single card... 



...on the Gemplus MPCOS mult^^ppli cation microprocessor cardJPthe SecurlD 
1100 Smart Card provides the Ace/Server authentication as well as 
offering more than 7Kbyte of free Eprom memory space for additional 
applications . 

This moves . . . 

...between the card reader and the smartcard 1 s contacts 

* Contactless smartcard - communicates via an antenna using a radio 
frequency signal. No physical contact is required between the card and a 
card reader 

* Electronic purse - any small portable device which stores data 
with a monetary value. The smartcard is the ideal device to implement an 
electronic . . . 

...stored value card. 

* Security access module - is the dedicated microprocessor unit that 
allows the card reader to authenticate the user's identity. 

* Subscriber information module (Sim) - a specific type of smartcard 
for GSM systems holding the subscriber's ID number, thus allowing him to 
call from any GSM device. 

Summary 

Smartcards can contain both memory software and a processor, 
allowing them to act as pure repositories or to run on-board . . . next 
generation of "smart phones' 1 , allowing you to browse the Web and order 
goods using just your cell phone . 
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TEXT: 

...in October 1998. Through this effort, HP aims to increase PC 
security within the network by eliminating common inter-network security 
risks and provide end users with seamless PC security. In the spring, HP's 

...implement a corporate smart-card program. The accessory will include the 
following: o PC/SC standard-based smart - card reader; o two smart 
cards ; o Windows NT-compatible login software; and o single sign-on 
software. HP ProtectTools security features, available... 



.0 ports. HP's strong relationships with industry leaders such as 



Microsoft, Gemplus, Schlumbe^^r and HP subsidiary VeriFone^Mean that HP 
customers will receive the very latest in security technology as soon as it 
becomes . . . 

...provider of computing, Internet and intranet solutions, services, 
communications products and measurement solutions, all of which are 
recognized for excellence in quality and support. HP has 124,600 employees 
and had revenue of $47.1... 
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TEXT: 

...ready for the day when you can't use a fax machine because it 
physically doesn't recognise you. 

office is a serious issue, but a company called First Access 
believes it has the answer. 

Its Authentication Suite provides a security solution for corporate 
networks, allowing computers to authenticate a iser automatically 
"without any action on his part" from a distance of several metres. They 
call it "vicinity authentication 11 . Users carry a card somewhere about 
their persons, which shares identification information and the user's 
security profile with a sensor. As you leave your desk, your workstation... 
...modal nature having effortlessly used the MTR, you needn't then root 
around for change for a connecting bus. Moreover, says Pote, the Octopus 
cards "can already be used at photo booths and in payphones... 

...BA is experimenting with smartcard passenger-tracking to try to improve 
punctuality. 

In a recent trial, a joint project with electronic retail giant 
Philips, about 15,000 passengers were issued with cards when they checked 
...all engine electronics on the card. All the personal settings of the 
driver - seat adjustment, steering wheel, radio station, mirrors - can be 
stored," and altered accordingly as you unlock the door. "You can also 
limit . . . 

...had a high number of accidents and offences, and a poor record of 
recovering fines, " says Brown. " Smartcard licences record both offences 
and unpaid fines." Local authorities expect the system to recover at least 
$10m ( (pounds) 6. 2m. . . 

...Barclays - several branches are participating in the trial - and the 
bank generates digitally an electronic signature to validate their online 
applications. As well as easing the application process, it reduces 
paperwork for the government department... 

...access to the information on it. The cards could also carry an 
electronic prescription that could be validated at the pharmacist." 

The Royal Devon and Exeter Hospital had card-reader capacity in 
accident and emergency. . . 

...or hospital specialist or pharmacist, their own card shows they are bona 
fide, the cards talk to each other and access is allowed." 
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Smartcard invasion continues, (includes related articles on developing 
smartcard applications, using smartcards and smartcard standards) 
(Technology Information) 

Cobb, Stephen 

Byte, v23, n4, pll2C(4) 

April, 1998 

ISSN: 0360-5280 LANGUAGE: English RECORD TYPE: Abstract 

ABSTRACT: Smartcards, already popularly used in Europe, has not caught the 
US market by storm. Analysts forecast, however, that the technology will 
become a universal means for authenticating computer users. Smartcards 
can implement two -factor authentication , with strong access controls to 
data and actual access control to a computer. When biometric 
authentication is added, three-factor authentication is in place. 
Security Dynamics and DataKey, the two top suppliers of token-based 
authentication , are now using smartcards as alternatives to their 
proprietary tokens. The Preboot Crypto API being jointly developed by RSA 
Security and Phoenix Technologies will hasten the application of smartcards 
for PC security. 
SPECIAL FEATURES: photograph; table; chart; illustration 
DESCRIPTORS: Smart Card; Technology Development; Technology Overview 
PRODUCT/ INDUSTRY NAMES: 3679120 (Magnetic Cards) 

SIC CODES: 3679 Electronic components, not elsewhere classified 
FILE SEGMENT: CD File 275 

...ABSTRACT: the US market by storm. Analysts forecast, however, that the 
technology will become a universal means for authenticating computer 
users. Smartcards can implement two -factor authentication , with 
strong access controls to data and actual access control to a computer. 
When biometric authentication is added, three- factor authentication is 
in place. Security Dynamics and DataKey, the two top suppliers of 
token-based authentication , are now using smartcards as alternatives to 
their proprietary tokens . The Preboot Crypto API being jointly developed 
by RSA Security and Phoenix Technologies will hasten the application of 
smartcards for PC security. 
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Data security for mobile and remote users, (includes directory of remote 

access devices, remote control and encryption software) (Technology 

Information) 

Cobb, Stephen 
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ISSN: 1090-6436 LANGUAGE: English RECORD TYPE: Fulltext; Abstract 
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ABSTRACT: Portable computer users should attempt to minimize the 
repercussions of computer theft by encrypting system data and regularly 
making full backups of hard drives. The small size of notebook computers 
makes them a more attractive target for thieves, and mobile users should 
carefully monitor its whereabouts whenever they travel. BIOS-based security 
features can be used to require passwords each time a system is started, 
and some encryption software packages offer thorough levels of data 
security, but password management must be taken seriously. The remote 
access points that telecommuters and mobile personnel use to gain entry 
into a corporate network are the most frequent point-of-entry for computer 
hackers. Two- factor authentication is increasingly used by computer and 
modem vendors to enhance security for notebook computer users. 



SPECIAL FEATURES: illustration; table 

DESCRIPTORS: Encryption; Data Security Issue; Notebook Computer; 

Technology Overview 
FILE SEGMENT: CD File 275 

and software solution that creates a special node on the network 
with the ability to receive and authenticate multiple incoming calls. The 

connection should be authenticated by something stronger than an 
ordinary password, such as a one-time password generated by a smart card 

Two -factor authentication 
Modem maker U.S. Robotics uses the SecurlD system on its Total 
Control Enterprise Network... 
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Disarming the Net. (security challenges resulting from connection to the 
Internet) (Network Edition) (Internet/Web/Online Service Information) 

Erlanger, Leon 

PC Magazine, vl6, nil, pNEl(5) 
June 10, 1997 

ISSN: 0888-8507 LANGUAGE: English RECORD TYPE: Fulltext; Abstract 

WORD COUNT: 3453 LINE COUNT: 00283 

ABSTRACT: Establishing a Web presence and giving employees Internet access 
creates an entirely new set of security threats; malicious outsiders can 
infiltrate company systems. The first step in ensuring corporate Internet 
security is to establish a comprehensive security policy that clearly 
defines who has access to what services and establishes employee 
accountability for such responsibilities as protecting passwords. 
Firewalls, which act as barriers between internal and external networks and 
filter incoming and outgoing data, are common security tools. Some 
firewalls use simple packet filtering, while more sophisticated ones are 
application gateways. Authentication methods can include passwords, 
tokens and smart cards; many such products use a challenge/response system. 
Encryption helps prevent E-mail or Internet transactions from being 
intercepted. Virtual private networks (VPN) create secure 'tunnels 1 between 
two sites and are often used for secure remote access or electronic 
commerce . 

SPECIAL FEATURES: illustration; photograph; table 

DESCRIPTORS: Internet/Web Overview; Data Security Issue; Internet 
FILE SEGMENT: CD File 275 

Disarming the Net. (security challenges resulting from connection to the 
Internet) (Network Edition) ( Interne t/Web/Online Service Information) 

...ABSTRACT: Firewalls, which act as barriers between internal and 
external networks and filter incoming and outgoing data, are common 
security tools. Some firewalls use simple packet filtering, while more 
sophisticated ones are application gateways. Authentication methods can 
include passwords, tokens and smart cards; many such products use a 
challenge/response system. Encryption. . . 

TEXT: 

Connecting with the Internet brings a host of new security 
challenges to your corporate network. Here are some... 

some malicious intent has a new way to infiltrate internal company 
systems and network devices: the Internet connection . Once inside, an 
intruder can find ways to snoop around; destroy, change, or steal data; and 
wreak . . . 



...infrastructure as an inexpensive vehicle for linking two d^^tiore 
geographically isolated LANs and for remote access connections . And 
widespread Internet commerce, requiring millions of secret transactions, 
may be just around the corner. 

The network security market is responding quickly to the Internet 
challenge by adapting existing authentication and encryption technologies 
to Internet connections and by developing new security products. The 
market today is a mess of evolving standards, technologies, and. . . 

...your network for security problems, and a Web server protection package 
from Haystack Labs. 

Security Policy 

Internet connections , like any type of connection , will never be 
100 percent secure. Rather than aiming for total security, an organization 
has to assess . . . 

...be either to devise or to revise a comprehensive security policy for 
your organization that takes Internet connections into account. This 
policy should define in detail which employees have rights to which 
services. It should... 

...taken if a security violation is detected. Such a policy can serve as an 
invaluable tool for determining where to put your security dollars. The 
Site Security Handbook, written by the Network Working Group of... 

...security consulting. Once you establish a policy, you should start 
evaluating the use of firewalls, encryption, and authentication . 
Firewalls 

Mention Internet security and most people start talking about 
firewalls. Firewalls aren't an Internet security... 

...specific Internet services, such as HTTP, FTP, and telnet, that run on a 
server with two network connections , acting as a server to the 
application client and as a client to the application server. 
Since . . . 



...as RealAudio. If you plan to use a firewall solely as a perimeter 
defense behind a Tl connection to your ISP, you may not have to worry 
about performance; the low bandwidth of the connection will become 
saturated before the firewall. 

Many organizations, however, will want to consider using additional 
firewalls internally Resources, that contain sensitive information. In such 
cases, performance is a concern, because the connection is likely to be 
10-Mbps Ethernet or 100-Mbps Fast Ethernet. If you plan to use... 

...to offer complete Internet security solutions. Most of these features 
will be discussed below. They include encryption, authentication , 
antivirus protection, protection from misbehaved Java and ActiveX 
downloads, and even server load balancing. If you're... 

...and Haystack Labs 1 WebStalker, reviewed in First Looks, are products 
that concentrates on Web server protection, providing authentication as 
well as monitoring and alarms for unauthorized activities. 
Authentication 

Firewalls do their authentication using IP addresses which are 
assigned to each server, client, and network device and can be spoofed. . . 

...access over the Internet to sensitive internal files and data, you'll 
want to make sure to authenticate the actual user. Authentication 
simply describes the numerous methods that positively identify a user. 
Passwords are the most common method of authentication used today, but 
users are notorious for making poor password choices that can be guessed by 
an. . . 



...user carries around. 

Many of these products use a challenge-response scheme. When the user 
attempts to connect , an authentication server on the network issues a 



challenge, which the user ke^^into the token device. The dev^l... 

...those from Check Point, Raptor, and Trusted Information Systems. You 
simply configure the firewall products to forward authentication for 
certain services to the designated third-party server, or use any included 
authentication service . 

Smart cards used for authentication are similar to tokens, except 
they require a smart card reader to process the challenge. Though these... 

...expensive than tokens, ranging in price from $40 to $250 per user. 
Gemplus and SCM Microsystems are two manufacturers of smart card 
readers. PC Card devices are also available but more expensive. 

Digital certificates, described in the following encryption 
discussion, are an up-and-coming authentication method that holds great 
promise for messaging and electronic commerce. 

Encryption 

As offices and organizations have connected to the Net in droves, 
many have begun eyeing the Internet infrastructure as an inexpensive 
vehicle for wide-area and remote connections . To use the Internet for 
these purposes, however, companies have to protect their information with 
encryption. Encryption in their messaging systems. This will allow the 
messaging systems to send secure e-mail to each other . They can also 
address several desktop e-mail encryption packages, including ConnectSoft 
's EMail Connnection, OpenSoft's ExpressMail, and Deming Internet 
Security's Secure Messenger, support S/MIME. For... 

...asymmetric RSA encryption. 

This combined method of encryption not only assures data privacy, it 
also enables an authentication mechanism called the digital signature. 
Any value encrypted using the sender's private key authenticates the 
sender. Any data decrypted using the recipient's private key authenticates 
the recipient. 

Public keys are generally authenticated with digital certificates, 
which accompany transactions and are signed by a certificate authority. A 
certificate authority, officially... 

...larger, more public entity such as GTE, Nortel, or Verisign — well known 
for their stringent processes to verify identities and assign digital 
certificates. X.509 is the most widely used industry standard for defining 
digital . . . 

. . .will be one of the primary security techniques used in the credit card 
and digital cash transactions common in electronic commerce. Secure 
Sockets Layer (SSL) is a transport-layer technology developed by Netscape 
to allow. . . 

. . .used to describe remote access over the Internet, as well as use of the 
Internet infrastructure for connecting two offices of an organization or 
even two different organizations. Several firewall products provide VPN 
capability, including. . . 

...Plus, and Trusted Information Systems 1 Gauntlet. 

With remote access, the remote user calls the local ISP, then 
connects to the central network over the Internet. Two industry standards 
have recently become interoperable to make remote access and connections 
over virtual private networks a viable strategy--Ascends 1 and Microsoft ! s 
Point-to-Point Tunneling protocol and. . . 

...now combined by the IETF to form theLayer Two Tunneling Protocol (L2TP) . 
This standard essentially allows the authentication and authorization 
process to be forwarded from the ISP to a server located elsewhere on the 
Internet . . . 

...It will enable VPN products that support the standard to communicate 
public keys and encryption algorithms with each other to set up VPN 
sessions. Again, most VPN products and firewalls supporting VPN plan to 
support IPsec. . . 




...Technologies, Information Resource Engineering, RedCreek Communications, 
and VPNet. Several of the solutions are available for both network 
connections and the mobile user. Many of these devices handle key 
management automatically. Prices range from $1, 300 ... definitely see 
security-related standards finalized and Internet security solutions 
consolidated. 

Meeting the Threats Here are six common Internet security problems 
and their solutions. 

Interception of e-mail 

Encrypt e-mail using desktop or server encryption hardware or 
software. Use digital signatures and certificates to authenticate senders 
and verify that e-mail has not been tampered with. 

Theft or alteration of corporate information 

Same procedures as... 
...the perimeter with firewalls. If you want remote users to access 
sensitive internal data, set up an authentication server on the network 
and equip remote users with authentication tokens or smart cards. 

Disruption of network devices and services 

Protect the perimeter with firewalls. Set up an authentication 
server on the network and equip remote users with authentication tokens 
or smart cards. 

Misbehaved Java and ActiveX applets 

Configure firewalls to block Java and ActiveX applets... 
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ABSTRACT: Smart cards are vulnerable to tampering, according to two 
Israeli researchers. Smart cards are promoted as a tamper-proof 
solution for computer security. They are expected to be widely used in the 
US for cash transactions, identity authentication , and access to 
buildings or equipment. The problem is not expected to be wide-spread 
because breaching the cards ' security requires an in-depth knowledge of 
cryptography technology. The researchers used Differential Fault Analysis 
to break the Digital Encryption Standard, one of the most common 
cryptographic formulas. The technique causes a card to commit an error by 
subjecting it to microwave radiation or ionizing, then comparing faulty 
results with accurate results. The card can be easily counterfeited once 
the key is identified . Deployment of the cards is expected to continue, 
despite the security concerns, with two billion smart cards in 
circulation by the end of the century. 

DESCRIPTORS: Smart Card; Data Security Issue; Technology Overview 
PRODUCT/ INDUSTRY NAMES: 3679120 (Magnetic Cards) 

SIC CODES: 3679 Electronic components, not elsewhere classified 
FILE SEGMENT: NNI File 111 

ABSTRACT: Smart cards are vulnerable to tampering, according to two 
Israeli researchers. Smart cards are promoted as a tamper-proof 
solution for computer security. They are expected to be widely used in the 
US for cash transactions, identity authentication , and access to 
buildings or equipment. The problem is not expected to be wide-spread 
because breaching... 

...technology. The researchers used Differential Fault Analysis to break 
the Digital Encryption Standard, one of the most common cryptographic 



formulas. The technique causWa card to commit an error by SRecting it 
to microwave radiation. . . 



...then comparing faulty results with accurate results. The card can be 
easily counterfeited once the key is identified . Deployment of the cards 
is expected to continue, despite the security concerns, with two billion 
smart cards in circulation by the end of the century. 
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Kyocera models its palmtop Refalo on the Filofax. (Kyocera Corp.) (product 
announcement) 

Computergram International, nl560, CGI04250003 
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ENGLISH RECORD TYPE: FULLTEXT 

WORD COUNT: 349 LINE COUNT: 00025 

COMPANY NAMES: Kyocera Corp. — Product introduction 

DESCRIPTORS: Product Introduction; Laptop/Portable Computer; Hand-Held 
Computers 

SIC CODES: 3571 Electronic computers 
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TRADE NAMES: Kyocera Refalo (Portable computer) — Product introduction 
FILE SEGMENT: CD File 275 

Sounds unlikely, but Kyocera Corp pioneered the notebook computer 
market, but its name is little known in connection with small computers 
because its original machines were sold only OEM - so Tandy Corp gets the 
credit . . . 

...192Kb of RAM and standard RS-232 input-output interfaces and slots in 
the back cover for two memory chip cards for additional programs and 
for secondary storage. The machine looks like a Filofax, weighs just 1 lb 

...enables the machine to be controlled entirely with the stylus. The 
company claims that the Refalo can recognise handwritten input when the 
user draws the characters one at a time in a grid of small... 

...the ring binder, uses touch-sensitive alphanumeric keys and uses 
electromagnetic induction through the notebook rings to connect to the 
machine. Although the machine is fully operable without, an optional 
keyboard will be available using. . . 
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Security - Window Of Vulnerability - Outside security breaches are 

rising, mainly because of the Net, but companies are starting to 
respond 

Bob Violino and Beth Davis 
INFORMATIONWEEK, 1997, n 621, PG14 
PUBLICATION DATE: 970310 

JOURNAL CODE: IWK LANGUAGE : English 

RECORD TYPE: Fulltext 

SECTION HEADING: Top Of The Week 

WORD COUNT: 1625 

TEXT: 

First, the bad news : Corporate information systems are as vulnerable 
as ever to break-ins, with the Internet increasingly giving intruders 



their window. Now the good ^K/s : Companies are finally expai^Rig their IT 
security staffs and working closely with law- enforcement officials and 
security-product vendors to fight back. 

, . . up security. Also, the company plans to use security tokens- 

hardware that provides encryption and two- factor authentication -for 
users who need access to sensitive data via the Internet. "There are 
tools that, if used. . . 

. . .members . 

"Since many of these organizations are competing, we * re focusing on 
sharing information and building a common infrastructure without 
compromising proprietary information, " says consortium president Daniel 
Schutzer, VP and director of advanced business technology. . . 

. . .Washington that includes user organizations, has formed a committee to 
explore what private companies can do through joint efforts. A recent 
meeting drew representatives from 70 companies, including AT&T, Chrysler, 
Dow Chemical, IBM, Price... 

...a broad platform to make recommendations on what's necessary to deal 
with the security problem, including joint security initiatives," says 
John Wilson, VP of technology policy at the council. 

More joint security ventures are needed, particularly in the area 
of standards, says Ken Cutler, VP and director of... 

...that the company uses, analysts, applications development people, 
engineers . " 

But industry experts say security breaches will remain commonplace 
as long as most companies refuse to acknowledge they could be hit. " 
Corporate America has been burying ... server and every workstation," 
Deshpande says. 

SKIP provides mechanisms to generate, transmit, and revoke keys used 
for authentication in public-key cryptography. Sun partners will 
deliver products next month that use SKIP, Deshpande says. Sun... 

...trusted third party that manages the certificates. 

Hewlett-Packard will broaden its security offerings this week with 
two smart - card solutions that include the cards, readers to scan the 
information stored on the processor embedded in the... 

...toolkit to let third-party vendors build hooks into applications that 
can then use the smart-card authentication capability, says Thierry 
Costa, HP's global smart-card business manager. The cards will be 
integrated with. . . 

...of products, security managers say hardware and software vendors must 
do more. "They need to work with each other and share their 
information and technologies to deliver security packages with 
interoperable products that support a variety. . . 
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Smart cards have earned their stripes 
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SECTION HEADING: Design - IC Expo Highlights 

WORD COUNT: 606 

TEXT: 

The standard magnetic-stripe card has been a booming success; today 



there are several hundred mrwion "mag-stripe" cards in cird^rtion 
worldwide. The largest application, by far, is credit cards. Worldwide, 
there are over 375,000 ATM machines and over 12 million point-of-sale 
(POS) readers that will accept them. 

Smart cards" are becoming more attractive as the price of 
microcomputer power and storage continues to decline. 

Smart cards have two main advantages over magnetic-stripe 
cards. First, they can carry up to 100 times as much information... 
...a terminal. A smart card and a card reader can engage in a sequence of 
interactions that validate the card reader as well as the smart card-a 
form of mutual authentication . With the use of advanced algorithms, a 
credit-card holder will be able to use a local... 

...smart card in 1977 for Cartes Bancaires. 

Today, because of smart cards, French merchants rely on personal- 
identification numbers (PINs) to verify the ownership of a card simply 
by checking the PIN typed in by a customer against the... 

...importance of the information involved, application system security 
might rely on any of several methods: a personal identification number 
like those used with automated teller machines, biometrics that uniquely 
connect the card to the card carrier, a mid -range encryption system such 
as the data-encryption standard. . . 

...of contacts on the face of a smart card to make any card and reader 
compatible with each other . 

Copyright (c) 1996 CMP Media Inc. 
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OpenCard Consortium ^dds Four New Members 

Report on Smart Cards 
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Four more companies have joined the OpenCard Consortium (OCC) , bringin 
g the organization's total to 19/members seeking interoperability among sma 
rt cards and computing devices./ The new members 

(c) BRP PUBLICATIONS/ All Rts. Reserv. 

COMPANY NAME ( S ) : ActivCardylnc ; American\Express Travel Related Services 
Co Inc ; Bull Personal Transaction SystemsX; Dallas Semiconductor Corp ; 
First Access ; First Datar Corp ; G International Inc ; Gemplus Corp ; 
Intellect Holdings Ltd / IBM Corp ; Network Computer Inc ; Newcom 
Technologies Ltd ; OpenCard Consortium Management ; OCC ; Schlumberger 
Smart Cards & Terminal^ ; Siemens Microelectronics Inc ; Sun Microsystems 
Inc ; SCM Microsystems Inc ; Toshiba Inc ; UbiQ^ Inc ; Visa International 
TEXT: 

...deploy smart card-based solutions in any Openfoird- compliant environment. 
Based on Java technology, OCF provides a common \interface for both 
smart card readers and the application on the bstord, with enhanced 
portability and interoperability. The OCC is working with Visa 
International to identify common areas of the OCF and the Visa Open 
Platform terminal specifications... 
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GemClub-Memo Enables More Loyalty Offerings 

Report on Smart Cards 

November 2,1998 VOL: 12 ISSUE: 20 DOCUMENT TYPE: NEWSLETTER 
PUBLISHER: BRP PUBLICATIONS 

LANGUAGE: ENGLISH WORD COUNT: 1050 RECORD TYPE: FULLTEXT 

Merchants looking for enhanced loyalty offerings from a smart card can 
use a new high-performance memory card issued Oct. 29 by Gemplus Corp. Th 
e GemClub-Memo greatly improves the economics of 

(c) BRP PUBLICATIONS All Rts . Reserv. 

COMPANY NAME ( S ) : Adicarte ; Corn Card International ; Coupling University ; 
Fleet ; Gemplus Corp ; Neptune Group ; Portsmouth City Council ; Portsmouth 
University ; Total ; University of Nebraska 

TEXT: 

...counters on its chip, allowing two applications to run on the card, 
either independently and secure of each other , or interactively. For 
example, a retailer can issue a single card with both a reward program and 



...last month unveiled the GCR800-MS, a portable smart card reader designed 
for applications requiring mobility, user authentication and . . .The 
reader's twin smart card interface can handle the reading and writing 
of two cards at the same time, a vital feature for authentication or 
digital signatures. A docking station for the card reader has an 
integrated modem that allows connection if required to a central server 
for data transfer or the updating of an application program. . . 

...the home visits made by helpers. Adicarte is based on the use of the 
smart card to identify the service providers as well as the beneficiaries 
...return the bike, it can be left at any depot where inserting the smart 
card again will identify the bike and user, then release a rack so that 
the ...an ideal way to accomplish this mission. As with the word 
s plastic, 1 someday ^Mazin* will become a common household word worldwide 



